Re: [Duplicity-talk] S3 getting started

[rsync.net]

On Thu, 21 Jun 2007, Gabriel Ambuehl wrote:

> On Thursday 21 June 2007 07:01:49 mike wrote:
>
> > it would be neat if it was using something like pam_encfs or whatever,
> > where the login itself triggers totally encrypted filenames (and then
> > hopefully the file contents are encrypted somewhere - either client or
> > server)
> >
> Theoretically, you could run encfs over sshfs and achieve that (FUSE can do
> chaining from what I understand). The server would never see your data
> unencrypted (decrypting on the server is kinda besides the point in my view).
> Practically, there's something wrong in either encfs or sshfs that prevents
> it from fully working (I'm guessing it's encfs, as that one has horrible
> behavior when running rsync, too).


I believe the problem is that sshFS is, underneath, built on SFTP - so it
has a file-level granularity for changes.

So even though encFS works on a block by block level (efficient) if you
are touching a file at all over sshFS, you need to download the entire
file behind the scenes.

So encFS+sshFS would work well if you had a lot of little files ...

Can someone correct me if I am wrong about this ?  I know a lot of folks
have pursued the sshfs+encfs route and all gave it up very quickly - I
believe this is the reason why...